CNIL (the French DPA – Data Protection Authority) has recently performed a
series of inspections related to the conformity with the French legislation
of Google’s gathering data from Wi-Fi networks for its Google Maps, Street
View and Latitude services on France’s territory.

The inspections have revealed several infringements of the law, including
the collection, through Google’s Street View service cars, of WiFi data
without the knowledge of the data subjects and of content-related data such
as IDs, login details, emails and passwords.

In May 2010, CNIL formally notified Google of the infringements and,
as the company had not officially replied, on 17 March 2011, issued a
100 000 Euro fine on the company, the highest fine CNIL has applied since it
received, in 2004, the power to impose financial sanctions.

According to Google, the collection of the respective data was involuntary
and a mistake. “As soon as we realised what was going on, we have
immediately stopped our Street View cars” said Peter Fleischer,
Google’s Global Privacy Counsel, who added that all the collected
data can now be deleted.

CNIL confirmed that Google stopped collecting Wi-Fi data through its “Google
cars” and deleted the collected data. However, the DPA believes that
the company has not refrained from using the data without the knowledge of
the data subjects and, moreover, has continued to gather such kind of data,
without informing the data subjects, through users’ mobile terminals
connecting to the geo-location service, Latitude (smartphones, etc.).

“They were not always willing to co-operate with us, they didn’t give us
all the information we asked for, like the source code of all devices in the
Google cars,” said Yann Padova, CNIL’s executive director who added: “They
were not always very transparent.”